Digital transaction signing for multiple client devices using secured encrypted private keys

ABSTRACT

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for signing digital transactions from multiple client devices using secured encrypted private keys associated with electronic accounts. One of the operations is performed by storing multiple encrypted private keys in a memory cache accessible by a primary device. Each of the stored encrypted private keys are associated with an electronic account. An electronic transaction which is associated with an electronic account is received from a secondary device. A particular encrypted private key from the stored multiple encrypted private keys is identified. The identified encrypted private key is transmitted to a decrypting service where the encrypted private key is decrypted. The electronic transaction is then digitally signed based on the unencrypted private key. Then the digitally signed electronic transaction is transmitted to the requesting secondary device.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. application Ser. No.16/681,793, filed Nov. 12, 2019, which claims the benefit of U.S.Provisional Application No. 62/886,501, filed Aug. 14, 2019, both ofwhich are hereby incorporated by reference in their entirety.

BACKGROUND

Digital signing allows validation and authentication of electronic dataand electronic transactions. A signatory has a public and private keypair where the public key is publicly distributed to other persons andsystems and the private key is maintained in secret and not shared withothers. Digital signatures may be generated in conjunction with the useof the private key with verification of the signature using thecorresponding public key. A properly signed digital signature provides areceiving person or a receiving system confirmation that the signedelectronic data was indeed originated by the sender or system owning theprivate key. Also, a public key crypto scheme may be used to encryptsensitive data such that only the holder of the private key has accessto that data. In the case of crypto currency, a private key may also beused to limit access to electronic wallets where the crypto currency isstored. The electronic wallet will only release the crytpo currency oncethe wallet verifies a withdrawal request is digitally signed by theowner of the private key. It is therefore critical to safeguard theprivate key and protect it so that the private key is not compromised.Large distributed systems handling private keys, however, are ofteninadequate in protecting private keys from administrators of suchsystems.

SUMMARY

Described herein is an exemplary system for digital transaction signingfor multiple client devices using secured encrypted private keys. Thesystem encrypts and stores private keys in a secured manner to preventadministrators of the system from accessing private key information. Thesystem provides a mechanism to create, manage and store private keys insuch a way that no single user (or minority group of users) has accessto unencrypted private keys. The system also provides a mechanism todistribute private keys across different geographies using distributedservers for secured storage of the private keys. Additionally, thesystem provides a mechanism for the creation and signing of electronictransactions using the stored private keys.

In general, one innovative aspect of the subject described in thisspecification can be embodied in systems, computer readable media, andmethods that include operations for digital transaction signing formultiple client devices using secured encrypted private keys. One of theoperations is performed by storing multiple encrypted private keys in amemory cache accessible by a primary device and decrypting the privatekeys as needed. Each of the stored encrypted private keys are associatedwith an electronic account. An electronic transaction which isassociated with an electronic account is received from a secondarydevice. A particular encrypted private key from the stored multipleencrypted private keys is identified. The identified encrypted privatekey is transmitted to a decrypting service where the encrypted privatekey is unencrypted. The electronic transaction is then digitally signedbased on the unencrypted private key, and the digitally signedelectronic transaction is transmitted to the requesting secondarydevice. The transactions and transfer of data among devices ideallyshould be performed over private and/or secured networks. Further areasof applicability of the present disclosure will become apparent from thedetailed description, the claims and the drawings. The detaileddescription and specific examples are intended for illustration only andare not intended to limit the scope of the disclosure.

In general, another innovative aspect of the subject described in thisspecification can be embodied in systems, computer readable media, andmethods that include operations for digital transaction signing with ahardware device using secured encrypted private keys. One of theoperations is performed by the hardware device generating a private keyand public key pair. The private and public key pair is associated withan electronic wallet or account. The hardware device has its ownassociated private and public key pair. The hardware device generatesmultiple key shares of the private key associated with the electronicaccount. The hardware device uses a technique such as Shamir's secretsharing to divide the private key associated with the account into apredetermined number of key shares. A quorum of the total number of keyshares will later be required by the hardware device to reconstruct theprivate key associated with the electronic account. The hardware deviceencrypts each of the multiple key shares with a public key associatedwith the hardware device, thereby creating multiple first encrypted keyshares. Later, the private key of the hardware device is needed todecrypt (i.e., unlock) the multiple first encrypted key shares. Thehardware device encrypts each of the multiple first encrypted key shareswith separate user public keys, thereby creating multiple secondencrypted key shares. The multiple second encrypted key shares areobtained from the device and distributed to the respective usersassociated with the separate user public keys. The system transmitstransaction data to two or more of the respective users for theirapproval. Ideally, the system does not provide information to a user ofwhich users have received the transaction data. The system signs thetransaction data with a public key associated with the hardware device.The system receives credential information from the respective users anddecrypts, using the user's private key, the second encrypted key sharesto generate the first encrypted key shares. In this embodiment, thesystem receives the credential information via a client user interfaceor alternatively using the users trusted software to decrypt. Thecredential information does not reach the services and or other serversof the system. The system generates a transaction packet including acopy of the signed transaction data and the first encrypted key share.The system encrypts the transaction packet for each of the respectiveusers with the public key associated with the device. Doing so thenallows only the private key associated with the device to decrypt thetransaction packets.

The hardware device then receives a copy of two or more encryptedtransaction packets. Each of the transaction packets include differentfirst encrypted key shares of the respective users. The hardware device,using the device private key, decrypts each of the two or more encryptedtransaction packets, thereby generating two or more unencrypted keyshares. The hardware device then generates a reconstructed private keyassociated with the electronic account based on the two or moreunencrypted key shares. The hardware device requires a minimum number ofkey shares from the total originally generated key shares to reconstructthe private key. After the private key is reconstructed, then thehardware device may digitally sign the transaction with thereconstructed private to approve the transaction. The digitally signedtransaction may then be transmitted or broadcasted to a block-chainnetwork.

As will be described below, the system divides a wallet private key intomultiple key shares that are then used to reconstruct the wallet privatekey. By using key shares to start ensures that no single user or entityhas control over an electronic wallet. The system provides an innerlayer and an outer layer of encryption for the multiple key shares ofthe wallet private key. For the inner layer (i.e., a first layer) ofencryption, the system uses an offline device public key to encrypt eachof the multiple key shares. The inner layer of encryption ensures thatonly the offline device with its private key can decrypt the inner layerof encryption of the multiple key shares. Also, the use of the innerlayer of encryption for the key shares ensures that the electronicwallet can only be reconstructed by the offline device using its privatekey. For the outer layer (i.e., a second layer) of encryption, thesystem uses a public key for the respective users that are to receivethe encrypted key shares. The outer layer of encryption ensures that noone other than the holder of a user private key will have access to thesingle-encrypted wallet key share. Additionally, the system may use apublic key of an intermediary service to transmit approved transactionsfor distribution to a crypto-currency network. This ensures thatapproved transactions are encrypted and may only be decrypted by theservice that is broadcasting an approved transaction.

BRIEF DESCRIPTION OF THE DRAWINGS

The present disclosure will become better understood from the detaileddescription and the drawings, wherein:

FIG. 1 illustrates an example system architecture for signing digitaltransactions using secured encrypted private keys.

FIG. 2 illustrates a flowchart of an example process for signing digitaltransactions using secured encrypted private keys.

FIG. 3 illustrates a flowchart of an example process for receiving anunencrypted private key, encrypting the unencrypted private key andstoring the encrypted private key in a data storage service.

FIG. 4 illustrates a flowchart of an example process for an intermediaryservice to manage requests for storing, deleting or updating encrypteddata stored on the data storage service.

FIG. 5 illustrates a flowchart of an example process for an intermediaryservice to manage requests for retrieving encrypted data from a datastorage service.

FIG. 6 illustrates an example diagram of the system using Shamir'sSecret Sharing technique requiring a quorum of users to access a masterkey to access and/or store encrypted private keys.

FIG. 7 illustrates an example system architecture for processing digitaltransactions using secured encrypted private keys.

FIG. 8 illustrates a flowchart of an example process for generatingsecured encrypted private keys.

FIG. 9 illustrates an example diagram of the system generating a privatekey and using Shamir's Secret Sharing technique to encrypt multiple keyshares.

FIG. 10 illustrates a flowchart of an example process for securelyprocessing a digital transaction.

FIG. 11 illustrates an example diagram of the system securely processinga digital transaction.

FIG. 12 illustrates an example system architecture for combining thearchitecture depicted in FIG. 1 and FIG. 7.

FIG. 13 illustrates an example machine of the computer system.

DETAILED DESCRIPTION

In this specification, reference is made in detail to specificembodiments of the invention. Some of the embodiments or their aspectsare illustrated in the drawings.

For clarity in explanation, the invention has been described withreference to specific embodiments, however it should be understood thatthe invention is not limited to the described embodiments. On thecontrary, the invention covers alternatives, modifications, andequivalents as may be included within its scope as defined by any patentclaims. The following embodiments of the invention are set forth withoutany loss of generality to, and without imposing limitations on, theclaimed invention. In the following description, specific details areset forth in order to provide a thorough understanding of the presentinvention. The present invention may be practiced without some or all ofthese specific details. In addition, well known features may not havebeen described in detail to avoid unnecessarily obscuring the invention.

In addition, it should be understood that steps of the exemplary methodsset forth in this exemplary patent can be performed in different ordersthan the order presented in this specification. Furthermore, some stepsof the exemplary methods may be performed in parallel rather than beingperformed sequentially. Also, the steps of the exemplary methods may beperformed in a network environment in which some steps are performed bydifferent computers in the networked environment.

Some embodiments are implemented by a computer system. A computer systemmay include a processor, a memory, and a non-transitorycomputer-readable medium. The memory and non-transitory medium may storeinstructions for performing methods and steps described herein.

FIG. 1 illustrates an example system architecture for signing digitaltransactions using secured encrypted private keys. One or more clientdevices 110 (e.g., a workstation, laptop, server, mobile phone, tabletdevice) runs software, services or applications that generate publickey/private key pairs for use in public key and private key encryptedtransactions. Generally, a public key is known or provided to manypeople, whereas a private key is kept secret. The public key is used toencrypt data and only the private key can “unlock” and decrypt the datausing the private key. For example, in the context of crypto-currencytransactions such as Bitcoin, an application (e.g., a wallet) initiallycreates a public and private key pair. The owner of the walletdistributes the public key to others so that the owner of the wallet mayreceive transactions to receive transfers of crypto currency to theowners account.

The wallet randomly generates a private key of a 256-bit number andtypically represented in 32 bytes as a hexadecimal number, or as 64bytes in the range of 0-9 or A-F. The public key is mathematicallyderived from the private key. The public key (a.k.a. bitcoin address) isan identifier of 26-35 alphanumeric characters beginning with the number1 or 3 that represents a possible destination for a bitcoin transfer.The wallet also stores a log of incoming and outgoing transfers ofcrypto-currency. The wallets may perform funds transfers for any type ofcurrency that uses public key signing (e.g., for authorization andauthentication), such as the following crypto-currency types: Bitcoin(BTC), Litecoin (LTC), Ethereum (ETH), Ripple (XRP), Bitcoin Cash (BCH),Monero (XMR), Zcash (ZEC), Dash (DASH) NEO (NEO), Cardano (ADA) and EOS(EOS).

In an alternative embodiment, the digital signing service 120 maygenerate a public/private key pair. The digital signing service mayreceive a request from the client device 110 or from the intermediaryservice 140 to create a new public/private key pair. In this embodiment,the wallet would not have direct access to an unencrypted private key.The newly generated private key is encrypted as described below. Thedigital signing service 120 may return the public key to the clientdevice 110 and/or to the intermediary service 140.

Referring to FIG. 1, the client device 110 receives or generates arequest for a transaction to transfer crypto-currency (e.g., electroniccurrency) for a particular user's wallet. For example, a request may bereceived or generated to transfer electronic funds from one bitcoinaddress to another bitcoin address. Additionally, the user may initiatea request to transfer funds from their wallet to another bitcoinaddress. Users owning a wallet must separately provide a password and/orpin to access their respective wallets. Additionally, the system 100 mayrequire an additional 2-factor authentication for the users (e.g., byproviding an SMS text message with a passcode, or push notification to adevice of the user with a passcode) where the user must additionallyenter a received passcode to access their wallet and be able to submittransfer requests.

The wallet application creates an unsigned transaction (e.g., anunsigned bitcoin transaction) related to the electronic account for theuser's wallet. In one embodiment, user electronic accounts may beorganized by the system 100 where the user electronic account is one ofmany sub-accounts of a master account. The master account is anelectronic account configured to own all of the crypto-currency for thesub-accounts. Each of the sub-accounts own a portion of the total amountheld in the master account. The system 100 may generate a master privatekey for the master account and generate private keys (e.g., sub-keys)for the sub-accounts. The private keys may be derived from the masterprivate key.

The client device 110 communicates, via communications network 115, withthe digital signing service 120. The digital signing service 120communicates, via communications network 125, with theencryption/decryption service 130. The digital signing service 120communicates, via communications network 135, with the intermediaryservice 140. The intermediary service 140 communicates, viacommunications network 145, with the data storage service 150. As usedherein a communications network 115, 125, 135, 145 may be an electronicnetwork (e.g., any one of a local area network, wide area network, theInternet or an intranet) providing for the receiving and transmission ofdata among devices. In one embodiment, the communication networks 115,125, 135, 145 are TCP/IP based networks where data is transmitted usingtransport layer security (TLS) so that data transmissions are encryptedon the communications network 115, 125, 135, 145. Additionally, thesystem 100 may use a private encrypted network for connections over thecommunications network 115, 125, 135, 145 among servers, devices and/orservices and applications. While the system 100 is shown in FIG. 1 in adistributed architecture with different services performed on differentservers, the services may be combined and/or further distributed intoadditional services or functionality.

The wallet application generates an electronic transaction (e.g.,transfer of funds from the account) for a particular electronic accountand submits the transaction to the digital signing service 120 fordigital signing. The system 100 may first perform validation checks todetermine whether the transaction is an approved transaction (e.g.,determining if the value of the transaction exceeds a predeterminedthreshold amount for a transaction, determining if the account exceeds apredetermined number of transactions and/or predetermined number oftransactions within a time period, such a number of hours, days, weeks,months.) If the transaction is not approved, then the system 100 willflag the transaction, and will not proceed with signing of thetransaction. The system 100 may optionally perform a validationoperation to determine whether the public address to which the funds arebeing transferred to is on an approved list (e.g., a public addresswhite list). If the system 100 determines that the public address is onthe approved list (e.g., a list of public addresses stored in memoryaccessible by the system 100), then the digital signing service 120receives the electronic transaction for digital signing. Once thetransaction is signed, the wallet application may then broadcast theelectronic transaction, for example to a bitcoin block chain.

FIG. 2 illustrates a flowchart of an example process for signing digitaltransactions using secured encrypted private keys. The digital signingservice 120 receives a set of encrypted private keys that may have beenstored in and received from a data storage service 150 as describedbelow. The digital signing service 120 stores the multiple encryptedprivate keys in a data storage device (e.g., a non-persistent memorycache in random access memory) accessible by the digital signing service(block 210). Each of the multiple encrypted private keys may have anassociated index value which is also stored in the memory cache. Thedigital signing service 120 uses the index value to perform lookups(e.g., via a lookup table in the memory cache) and identifies aparticular encrypted private key associated with the index value. Forexample, the value of the index may be the associated the public keypair of the private key, an account number of the electronic account, ahash value of the account number, or any other suitable identifier thatuniquely identifies the electronic account.

The digital signing service 120 receives from a client device 110 anelectronic transaction associated with an electronic account (block220). The digital signing service provides an application programinterface (API) for receiving transactions and requests from the clientdevices 110. For example, the client device 110 may submit to thedigital signing service 120 a request to authenticate an electronictransaction for an outgoing transfer of electronic currency from theelectronic account. The digital signing service 120 converts a value ofthe electronic account to an index value, or obtains a public keyassociated with the electronic account and used the value of the publickey as the index value. The digital signing service 120 then identifiesa respective encrypted private key corresponding to the index value(block 230).

The digital signing service 120 securely provides (e.g., transmits), viacommunications network 125, the identified encrypted private key fromthe digital signing service 120 to an encryption/decryption service 130(block 240). The digital signing service 120 stores in the memory cachea cryptographic key used specifically with the encryption/decryptionservice 130 for encrypting and decrypting data sent to theencryption/decryption service 130. The encryption/decryption service 130may decrypt the encrypted private key using one or moreencryption/decryption standards (e.g., AES 128-bit, 192-bit, 256-bit;3DES; Twofish 128-bit to 256-bit; RSA 1024-bit, 2048-bit). Theencryption/decryption service 130 decrypts the encrypted private key andtransmits, via the communications network 125, the decrypted private keyto digital signing service 120.

In one embodiment, the encryption/decryption service 130 is a HardwareSecurity Model (HSM) encryption/decryption service which provides atamper-resistant hardware architecture that allows cryptographicoperations (encryption, decryption) while keeping the cryptographic keywithin its hardware boundary. For example, the encryption/decryptionservice 130 may be a cloud-based server service which is a managedhardware security model on the cloud-based service.

In one embodiment, the digital signing service 120 receives theunencrypted private key from the encryption/decryption service viacommunications network 125 (block 250). The digital signing service 120uses the unencrypted private key to digitally sign the electronictransaction (block 260). In another embodiment, the digital signingservice 120 and the encryption/decryption service 130 may be combinedinto a single service that performs both encryption/decryption ofencrypted private keys and signing of the electronic transaction. Inthis embodiment, a decrypted private key is not returned or transmittedover a communications network or to any other service or device. In suchan embodiment, the combined services 120 and 130 may expose an encryptedprivate key for backup purposes. The encrypted private key may be backedup using the data storage service 150.

The digital signing service 120 generates a digital signature whichprovides validation and authentication of the electronic transactions.The digital signature is generated in conjunction with the use of theunencrypted private key. The digital signature may be later verifiedusing the corresponding public key. In one embodiment, the digitalsignature is a mathematical scheme for presenting the authenticity ofelectronic transactions, messages or documents. For example, the digitalsigning service 120 may create a one-way hash of the electronictransaction using the private key to encrypt the hash using anasymmetric cryptographic technique. Each signed electronic transactionwould have a different digital signature based on the unencryptedprivate key used to sign the electronic transaction.

The digital signing service 120 wipes from the memory cache and/or anyother data storage devices all instances of the unencrypted private keyand may do so immediately after digitally signing the electronictransaction. The wipe may be performed within 10 ms, 100 ms, 1 second, 1minute, 10 minutes, 1 hour, or other intervals of the digitally signingof the electronic transaction. The digital signing service 120 thentransmits, via communications network 115, to the requesting clientdevice (block 270) the signed digital transaction. The signed electronictransaction may be later verified as originating from the private key bydecrypting the signed electronic transaction with a public keycorresponding to the private key. An electronic wallet then maybroadcast the electronic transaction, for example to a bitcoin blockchain.

FIG. 3 illustrates a flowchart of an example process for obtaining anunencrypted private key, encrypting the unencrypted private key andstoring the encrypted private key in a data storage service 150. Thedigital signing service 310 obtains an unencrypted private key pair(block 310). In one embodiment, the client device 110 securely transmitsover the communications network 115 and the digital signing service 120receives an unencrypted private key from the client device 110. Inanother embodiment, the digital signing service 120 may receive aninstruction or command to generate both the public key and itsassociated unencrypted private key pair. For example, the client device110 may request a new public/private key pair be generated, or theintermediary service 140 may request that a new public/private key pairbe generated. In response to the request, the digital signing service120, then would generate a new public/private key pair.

The digital signing service 120 securely transmits, via communicationsnetwork 125, the unencrypted private key from the digital signingservice 120 to an encryption/decryption service 130 (block 320). Theencryption/decryption service 130 may encrypt the unencrypted privatekey using one or more encryption/decryption standards (e.g., AES128-bit, 192-bit, 256-bit; 3DES; Twofish 128-bit to 256-bit; RSA1024-bit, 2048-bit). The encryption/decryption service 130 encrypts theunencrypted private key and transmits, via the communications network125, the encrypted private key to digital signing service 120 (block330). The encryption/decryption service 130 thus provides a first layerof encryption for the private keys.

The encrypted private key and the unencrypted public key pair issecurely transmitted, via communications network 135, by the digitalsigning service 120 to the intermediary service 140. The intermediaryservice 140 then interacts with the data storage service 150 (asdescribed below) to store the encrypted private key and the unencryptedpublic key in another layer of encryption.

In one embodiment, the digital signing service 120 is a serviceoperating on one or more servers that are physically distinct andseparate from servers used for the encryption/decryption service 130,the intermediary service 140 and the data storage service 150. Inanother embodiment, the functionality and the processing of the digitalsigning service 120 may operate on the same servers and/or be combinedwith the encryption/decryption service 130, the intermediary service140, and/or the data storage service 150.

In one embodiment, after generation of a new encrypted private key, thedigital signing service 120 indexes (e.g., associates) the obtainedencrypted private key to an index value that corresponds to theunencrypted private key (block 340). In other embodiment, the system 100may index the encrypted private key later via a request made by theintermediary service 140. For example, the index value may be the valueof the public key pair, an account number of the electronic account, ahash value of the account number, or any other suitable identifier thatuniquely identifies the public key pair and/or the electronic account.The digital signing service 120 may optionally store the receivedencrypted private key and the index value in a non-persistent memorycache accessible by the digital signing service (block 350). Afterencrypting the unencrypted private key, the digital signing service 120wipes from memory and/or any other storage all data of the unencryptedprivate key.

The digital signing service 120 transmits the index value and encryptedprivate key, via communications network 135, to an intermediary service135, that in turn interacts, via communications network 145, with thedata storage service 150. The intermediary service 135 provides anintermediary layer of security distancing the digital signing service120 from the data storage service 150. For example, administrators ofthe digital signing service 120, intermediary service 140 and datastorage 150 service would be different users whose identity should bemaintained in secret as to the other users. The data storage service 150stores the encrypted private key and its associated index value asdescribed below.

In addition to receiving the unencrypted private key, the digitalsigning service 120 may receive from a client device 110 additional dataassociated with the electronic account (e.g., previous electronictransactions with date stamps indicating fund transfers to/from theelectronic account, the public key associated with the unencryptedprivate key, balances of electronic currency for the electronic account,account owner information such as name, address, and/or phone numbers.)The digital signing service 120 similarly may provide the associatedaccount data along with the unencrypted private key to theencryption/decryption service 130 to encrypt the associated account dataalong with the unencrypted private key. The encrypted private key, theencrypted associated account data and the electronic account indexidentifier may then be sent to the data storage service 150 forencrypted storage thereof. This process allows the system 100 to make aback-up copy of the contents of a user's wallet.

FIG. 4 illustrates a flowchart of an example process for an intermediaryservice 140 to manage requests for storing, deleting or updatingencrypted data stored by the data storage service 150. The intermediaryservice 140 interacts with the digital signing service 120 viacommunications network 135 and with the data storage service 150 viacommunications network 145. In one embodiment, the intermediary service140 is a service operating on one or more servers that are physicallydistinct and separate from servers used for the digital signing service120, the encryption/decryption service 130 and the data storage service150. In another embodiment, the functionality and the processing of theintermediary service 140 may operate on the same servers and/or becombined with the digital signing service 120, the encryption/decryptionservice 130, and/or the data storage service 150.

The intermediary service 140 is configured to initiate commands andrequests to and interact with the digital signing service 120 and thedata storage service 150. In one embodiment, the intermediary service140 is configured to handle and process requests related to the storage,retrieval, modification and deletion of encrypted data (e.g., theencrypted private key and/or encrypted associated account data) from thedata storage service 150 (block 410). For example, an administrativeuser may access the intermediary service 140 and request storage,retrieval, modification and/or deletion of encrypted data from the datastorage service 150.

Based on the particular request received, the intermediary service 140in turn requests from the data storage service 150 to store encrypteddata, update previously stored encrypted data or to delete previouslystored encrypted data managed by the data storage service 150 (block420).

In the case of a newly created encrypted private key, a request is made,via the intermediary service 140 to store the newly created encrypteddata (e.g., the encrypted private key and/or encrypted associatedaccount data) on the data storage service 150 (block 430). Theintermediary service 140 receives from the digital signing service 120 acopy of the encrypted private key. The intermediary service 140 providesa copy of the encrypted data to the data storage service 150. Thedigital signing service 120 transmits a copy of the encrypted data andassociated indices to the intermediary service 140, and/or provides alogical link to a shared memory or storage space where the encrypteddata is made available.

In the case of updated encrypted account data, a request is made via theintermediary service 140 to update the previously stored encryptedaccount data managed by the data storage service 150 (block 440). Theintermediary service 140 provides a copy of the updated encryptedaccount data to the data storage service 150. The digital signingservice 120 transmits a copy of the updated encrypted account data andassociated indices to the intermediary service 140, and/or provides alogical link to a shared memory or storage space where the updatedencrypted account data is made available.

In the case of deleting stored encrypted data, a request is made via theintermediary service 140 to delete previously stored encrypted datamanaged by the data storage service 150 (block 450). With a deletionrequest, the intermediary service may receive an identifier (e.g., anindex value) of the specific encrypted data to have deleted from thedata storage service 150. The intermediary service 140 requests theparticularly identified data to be deleted from the data storage service150.

In any of the cases for creation, updating or deletion of encrypteddata, the data storage service 150 provides the intermediary service 110an indicia (e.g., a positive return code or confirmation) if theencrypted data was successfully stored, updated and/or deleted by thedata storage service 150.

FIG. 5 illustrates a flowchart of an example process for an intermediaryservice 140 to manage requests for retrieving encrypted data from a datastorage service 150. In the case of a initializing a memory cache orpartially loading encrypted data into the memory cache, the intermediaryservice 140 receives a request to retrieve encrypted data (e.g., theencrypted private key and/or encrypted associated account data) that isstored by the data storage service 150 (block 510).

Based on the received request, the intermediary service 140 requestsfrom the data storage service 150 to retrieve encrypted data (block520). The request to retrieve data may include a parameter for aspecific encrypted data item (e.g., a particular encrypted private keyand/or encrypted associated account data). The request may include arange of particular encrypted data to be retrieved based on one or moreparameters (e.g., a date range the encrypted data was created or a daterange the encrypted data was last updated). The request may include aparameter to indicate that all stored encrypted data should beretrieved.

After proper data storage service authentication (as further discussedbelow), the intermediary service 140 receives the requested encrypteddata (block 530). The data storage service 150 provides the intermediaryservice 140 an indicia (e.g., a positive return code or confirmation) ifthe encrypted data was successfully retrieved by the data storageservice 150 (block 540).

The intermediary service 140 may determine that it properly received theencrypted data from the data storage service 150. For example, the datastorage service 150 may provide a check sum (e.g., SHA256 or MD5 hash)related to the retrieved encrypted data, and the intermediary service140 may evaluate the received encrypted data and check sum to confirmthat the received encrypted data was received intact.

After receiving the encrypted data, the intermediary service 140transmits the retrieved encrypted data to the digital signing service120 (block 550). The digital signing service 120 may confirm that itproperly received the encrypted data. For example, the intermediaryservice 140 may provide a check sum (e.g., SHA256 or MD5 hash), and thedigital signing service 120 may evaluate the received encrypted data andcheck sum to confirm the retrieved encrypted data was received intact.The digital signing service 120 may provide a positive confirmation tothe intermediary service 140 that the encrypted data was properlyreceived (block 560). If the data was not properly received, then theintermediary service 140 retransmits the encrypted data to the digitalsigning service 120. After successfully transmitting the encrypted datato the digital signing service 120, the intermediary service 140 wipesthe encrypted data from memory and/or storage devices.

The digital signing service 120 then stores the retrieved encrypted dataand associated indexes in a memory cache for digital signing asdiscussed above with respect to FIG. 1. While the digital signingservice 120 stores the retrieved encrypted data in the memory cache, thedigital signing service 120 may “age out” stored encrypted data that hasnot been used in a predetermined time period. For example, the storedencrypted data may include many encrypted private keys for accountswhere the accounts have not engaged in an electronic transaction withina time period, such as ninety days. The digital signing service 120 maydelete or wipe from the local cache the encrypted private keys relatedto accounts that have not engaged in any transactions within apredetermined time period. Removing encrypted private keys from thememory cache for inactive electronic accounts provides additionalprocessor efficiency for index lookups for electronic accounts that aremore active. If the digital signing service 120 later receives anelectronic transaction for a previous inactive account that needs to besigned with the removed encrypted private key from the memory cache,then the digital signing service 120 will request retrieval of theparticular encrypted private key related to the electronic account fromthe intermediary service 140 as discussed above with respect to FIG. 5.

Data Storage Service

The data storage service 150 provides an API which allows theintermediary service 150 to interact with the data storage service tocreate, retrieve, update or delete data stored by the data storageservice. The data storage service 150 provides for double encryption ofthe encrypted private keys. In one embodiment, the data storage service150 is configured to encrypt and store, and/or to decrypt and retrieve,an encrypted private key using Shamir's secret sharing technique.Initially, the private keys are encrypted by the encryption/decryptionservice 130, and then again by the data storage service 150. The datastorage service 150 may encrypt the encrypted private keys using one ormore encryption/decryption standards (e.g., AES 128-bit, 192-bit,256-bit; 3DES; Twofish 128-bit to 256-bit; RSA 1024-bit, 2048-bit).

In one embodiment, the data storage service 150 is a service operatingon one or more servers that are physically distinct and separate fromservers used for the digital signing service 120, theencryption/decryption service 130 and the intermediary service 140. Inanother embodiment, the functionality and the processing of the datastorage service 150 may operate on the same servers and/or be combinedwith the digital signing service 120, the encryption/decryption service130, and/or the intermediary service 140.

FIG. 6 illustrates an example diagram of the Shamir Secret Sharingtechnique requiring a quorum of users to access a master key. In oneembodiment, the data storage service 150, 650 uses the Shamir Secretsharing technique to allow the data storage service 150, 650 to decryptthe stored encrypted data 660. The data storage service 150, 650 isconfigured to encrypt and store the encrypted private keys in anencrypted form (i.e., provides a second layer of encryption) in a datastorage device and requires at least a predetermined number of privatekeys shares 610, 612, 614, 616, 618 from a total number of private keyshares 610, 612, 614, 616, 618 to decrypt the stored encrypted privatekeys and/or other encrypted data stored on the data storage device. Inother words, the data storage service 150, 650 requires a quorum of yusers to “unlock” the encrypted stored data with a master key 620. Thedata storage service 150, 650 uses a security mechanism where to accessor decrypt stored encrypted data 660 (e.g., the second encryption layerof the encrypted private keys), the data storage service 150, 650 wouldneed a minimum (x) of (y) users to unlock the stored encrypted data 660.A master key 620 is divided into y-number of key shares 610, 612, 614,616, 618. An x-number of key shares are needed to recompute the masterkey 620 to access or decrypt stored encrypted data 660. The total numberof required (x) users, and the total number of (y) users may beconfigured in the data storage service 150, 650. The data storage 150,650 service requires a minimum of (x) users to input a token thatcreates a private key and decrypts and sends the stored contents of thedata storage service 150, 650 to the intermediary service 140.

When the data storage service 150, 650 is initialized, the service mayprovide (y) key shares 610, 612, 614, 616, 618. The key shares 610, 612,614, 616, 618 may be encrypted via a public/private key encryptionscheme (e.g., GPG, PGP, etc.) for each of the y users. The system 100follows a protocol where the key shares 610, 612, 614, 6164, 618 aredistributed to the (y) users such that even an administrative user ofthe data storage service 150, 650 would not be able to access theprivate key shares 610, 612, 614, 616, 618 of the (y) users. Each of theusers has a public key and corresponding private key which is maintainedin secret by each of the (y) users. The public key is used to encryptthe key share 610, 612, 614, 616, 618 of the users and a usersrespective private key may be used to decrypt their private key share.The private key may be password or pin-protected so that a password orpin is required to decrypt the key share 610, 612, 614, 618.

When a request (e.g., retrieve encrypted data, delete encrypted data,update encrypted data and/or store new encrypted data) is sent from theintermediary service 140 to the data storage service 150, 650, the datastorage service notifies the respective (y) users of a request to unsealthe stored encrypted data (i.e., to allow the data storage service150,160 to perform the requested transaction). At least (x) of the totalnumber (y) users must separately provide a password and/or pin to unlocktheir private key share 610, 612, 614, 616, 618 and the system 100provides unlocked private key share 610, 612, 614, 616, 618 to the datastorage service 150, 650. Additionally to unseal the stored encrypteddata, the system 100 may require an additional 2-factor authenticationfor the users (e.g., by providing an SMS text message with a passcode,or push notification to a device of the user with a passcode) where theuser must additionally enter the passcode to unseal the stored encrypteddata with the users respective key shares 610, 612, 614, 616, 618.

The specification now discusses another embodiment for processingdigital transactions using secured encrypted private keys. FIG. 7illustrates an example system 700 architecture for processing digitaltransactions using secured encrypted private keys. The system 700includes a first sub-system 702 including one or more client devices 710interconnected via a communications link 735 to an intermediary service740. The one or more client devices 710 may generate or provide anapplication having a user interface to allow a user to interact withsub-system 702. The system 700 includes a second sub-system 704 whichincludes a digital signing service 720 interconnected to anencryption/decryption service 730 via communications link 725 andinterconnected to a data storage service 750 via communications link745. While the second sub-system is depicted with separate devices orservices, the second sub-system 704 may be configured in any suitablemanner to perform the operations as described below. In one embodiment,the one or more devices encompassing sub-system 704 is an offlinedevice, walled off and not interconnect to a separate network such theInternet. The device 704 may be a single device or a device be made upof multiple secure interconnected servers. Sub-system 704 is alsoreferred to herein as device 704 and used interchangeably to describethe same device.

The digital signing service 720 digitally signs transactions and/or datausing private keys (e.g., private keys associated with electronicaccounts or wallets). The encryption/decryption service 730 may encryptor decrypt data using one or more encryption/decryption standards (e.g.,AES 128-bit, 192-bit, 256-bit; 3DES; Twofish 128-bit to 256-bit; RSA1024-bit, 2048-bit), and may use any suitable encryption program orprocess such as GPG, PGP, OpenPGP). In one embodiment, theencryption/decryption service 730 is a Hardware Security Model (HSM)encryption/decryption service which provides a tamper-resistant hardwarearchitecture that allows cryptographic operations (encryption,decryption) while keeping the cryptographic key within its hardwareboundary. While depicted as two separate devices or services, thedigital signing service 720 and the encryption/decryption service 730may be combined into a single service and/or device.

FIG. 8 illustrates a flowchart of an example process for generatingsecured encrypted private keys. The system 700 via device 704 generatesa wallet private key and public key pair (block 810). The public key mayserve as a wallet or account identifier and/or the device 704 maygenerate a separate account or wallet identifier and associate thepublic key to the generated identifier. The device 704 may receive arequest for example, via a user interface or other input mechanism, togenerate a new wallet private key. In response to the request, thedevice 704 generates a new private wallet key having a public andprivate key pair. The device 704 associates the wallet private key withan electronic wallet and/or other electronic account. The wallet privatekey is used for accessing and conducting transactions for the associatedelectronic wallet or account.

The system 700 via the device 704 then generates N key shares of thewallet private key (block 820). In one embodiment, the device 704 usesShamir's secret sharing technique (as previously described above) tocreate N key shares. For example, the device 704 may set a predeterminednumber of 5 users that form the pool of total users that may receive akey share of the wallet private key. The device 704 may set a quorum(i.e., a required minimum number of key shares) of the 5 users that areneeded to reassemble the wallet private key.

The device 704 then encrypts (e.g., using an encryption program such asGPG, PGP, OpenPGP, or other suitable encryption program) each of thegenerated N key shares of the wallet private key with a public key (of apublic/private key pair) associated with the device 704 (block 830) thatcreated the wallet private key. The device's 704 encryption of the N keyshares of the wallet private key, thereby creates N encrypted key sharesof the wallet private key, and provides a first level of encryption.Since the N key shares are encrypted with the public key of the device704, then only a private key of the device 704 may decrypt therespective N key shares. Moreover, because Shamir's secret technique isemployed, a pre-determined number (e.g., quorum) of the N key shares arealso needed by the device 704 to recreate the wallet private key. Atthis point, the original generated wallet private key has been dividedinto multiple key shares and the key shares have each been encrypted ata first level of encryption using the public key of the device 704 thatgenerated the wallet private key.

The device 704 then encrypts (using an encryption program such as GPG,PGP, OpenPGP, or other suitable encryption program) the encrypted keyshares with a public key associated with the respective N users thatwill receive an encrypted key share of the wallet private key. At thispoint, the key shares now are encrypted at a second level of encryptionwith a unique encrypted key share for each of the respective Ndesignated users. For example, the device 704 may store a list of publickeys for the respective N users that may be designated to receive anencrypted key share. Additionally, the device 704 may receive via a userinterface, or other input mechanism, each of the user public keys thatwill be used to double encrypt the single encrypted key shares. Thedevice 704 may communicate with another interconnected data storagedevice 750 via a communications link 745 and may store the doubleencrypted keys shares along with an identifier of the user associatedwith the respective encrypted key shares. Communication by the digitalsigning service with the interconnected data storage device 750 iswithin an isolated network and is not connected to another externallocal or wide area networks, for example that are accessible via theInternet. In other words, while the digital signing service 720 maycommunicate over communications link 725 with the encrypt/decryptionservice 730, and may communicate over communication link 745 with thedata storage service 750, the services 720, 730, 750 are isolated andform a restricted network, both physically and wirelessly separate fromother networks.

The generated group of N double encrypted key shares may be obtainedfrom the device 704 and provided to another separate service 740 of thesystem 700 which will transmit the double encrypted key shares to therespective N users (block 850). For example, a trusted user (who ideallyis not an N user, but could be) may physically obtain from the device704 the generated group of N double encrypted keys and provide thedouble encrypted keys to the intermediary service 740 that will send thedouble encrypted keys to the respective N users. A client-sideapplication of a client device 710 then may require that a receiving Nuser must enter in their respective credentials (e.g., user-id andpassword, and/or via a two-step authentication process) to receive theirparticular double encrypted key. Optionally, the Nuser may use asuitable decryption software or program of choice to decrypt the outerlayer of encryption of the double encrypted key shares using the Nuser's private key of a PGP private/public key pair.

In one embodiment, the device 704 may be configured to determine a timeperiod in which a key share must be distributed to its intended N user.A time period value may be included in a data file along with theencrypted N key share. For example, the device 704 may generate a dateand time value in which the key share must be received by a receiving Nuser. The device 704 may be configured such that the device 704determines a date and time value based on a system date and time of thedevice 704 and adds an allowable time period (e.g., a number of hours ordays) for the Nuser to receive their key share. A time window forunlocking the key share may be set, for example, to 36 hours or 5 daysfrom the time the key share was created. The device 704 would then setan appropriate expiration date and time as 36 hours or 5 days from thecurrent system date and time, or the date and time when the key sharewas created. The time value in the data file could be obfuscated usingsome hash-value or routine, and/or could be encrypted using a public keyvalue of a PGP public/key private key pair of the intermediary service740.

Subsequently, an Nuser may try to decrypt, via a client-side applicationof the client device 710, their respective double encrypted key share.The client-side application may evaluate whether the double encryptedkey share was obtained by the receiving user by or before the expirationdate. For example, the client-device may send the encrypted data or hashfile to the intermediary service 740 which would then decrypt the datafile using the private key of the intermediary service 740 to obtain theexpiration date and time. The intermediary service 740 may thendetermine if the double encrypted key share was obtained by the N userafter the expiration date and time. If so, then intermediary service 740may transmit a message or information to the client-side applicationindicating the key share was not distributed to the respective N userwithin the required distribution time period. The system 700 maysubsequently prevent the respective N user that failed (for whateverreason) to receive their double encrypted key share within the allowablewindow of time, to validate or authorize any transactions.

Additionally, the client-side application may determine that an N usertried to unlock their respective double encrypted key shares (i.e.,decrypt a first layer of encryption), but was unsuccessful in theirattempt. This could indicate that the recipient tried to unlock anotherusers' key share, or that the user forgot their credential informationand failed in their attempt to decrypt the information. The client-sideapplication may transmit a message or information to the intermediaryservice 740 that there was an attempt to decrypt a double encrypted keyshare by a particular N user and that the attempt was unsuccessful. Theintermediary service 740 may be configured that in the event ofdetecting x (e.g., three) or more unsuccessful attempts to decrypt auser's double encrypted key share, that system 700 may prevent anysubsequent validation or authorization of any transactions by any Nusers.

FIG. 9 illustrates an example diagram of the system 700 generating aprivate key and using Shamir's Secret Sharing technique to encryptmultiple key shares. FIG. 9 further describes the flowchart of FIG. 8.Device 704 in FIG. 7 is represented as device 900 in FIG. 9. Uponreceiving a system request, the device 900 generates a wallet privatekey 902 and public key pair. The device 900 has associated with it apublic key 904 and private key 906 pair.

The device 900 generates a wallet private key 902 and public key 903pair. The device 900 generates N key shares (X₁, X₂, X₃, X₄, X₅) 910,912, 914, 916, 918 of the wallet private key 902. The device 900generates the N key shares 910, 912, 914, 916, 918 using Shamir's secretsharing technique. The total number of key shares to be generated by thedevice 900 is a configurable parameter.

The device 900 then encrypts the N key shares (X₁, X₂, X₃, X₄, X₅) 910,912, 914, 916, 918 with the device public key 904. The encryption of theN key shares may be performed by the device using an encryption programsuch as GPG, PGP, OpenPGP, or other suitable encryption program. Theencryption of the N key shares generates a first level of encrypted keyshares (Y₁, Y₂, Y₃, Y₄, Y₅) 920, 922, 924, 926, 928.

The device 900 then encrypts the respective first level encrypted keyshares (Y₁, Y₂, Y₃, Y₄, Y₅) 920, 922, 924, 926, 928 with a specificuser's public key. For example, 5 users (O₁, O₂, O₃, O₄, O₅) 940, 942,944, 946, 948 each have a respective public key (of a public/private keypair) 950, 952, 954, 956, 958. The device 900 may retrieve from a localdata store or memory cache, or receive via user input, the public keysassociated with the 5 users 940, 942, 944, 946, 948. The encryption ofthe first level encrypted key shares 20, 922, 924, 926, 928 may beperformed by the device 900 using an encryption program such as GPG,PGP, OpenPGP, or other suitable encryption program. The result of thisnext layer of encryption is the generation of double encrypted privatekey shares (Z₁, Z₂, Z₃, Z₄, Z₅) 930, 932, 934, 936, 938.

The generated group of N double encrypted key shares (Z₁, Z₂, Z₃, Z₄,Z₅) 930, 932, 934, 936, 938 may then be obtained from the device 900 andprovided to another separate service that transmits the double encryptedkey shares to the respective N users (block 850). For example, a trusteduser (who ideally is not an N user, but could be) may obtain from thedevice 900 the generated group of N double encrypted key shares andprovide the double encrypted key shares 930, 932, 934, 936, 938 toanother secondary service of the system 700 that will transmit thedouble encrypted keys to the respective N users. Alternatively, a user'sdouble encrypted key share may be physically delivered to a respective Nuser 940, 942, 944, 946, 948. Additionally, the public key 903 (and anyassociated account or wallet identifier) may be obtained from the device900 by the trusted user and provided to another separate service of thesystem 700 for initiating transactions associated with the electronicaccount or wallet. The device 900 may require that the trusted userenter an identifier and password and/or other credentials to access andinteract with the device 900.

FIG. 10 illustrates a flowchart of an example process for securelyprocessing a digital transaction. This flowchart describes how thedouble encrypted key shares discussed in regard to FIGS. 8 and 9 areused to securely process and sign a digital transaction with a walletprivate key. The digital transaction data may include an electronicaccount or wallet identifier and may include details about monies to betransferred.

A group of N users each receive electronic transaction data related toan electronic wallet or account (block 1010). For example, intermediaryservice 740, may receive a transaction from one or more client devices710, or from some other external service (such as the transfer service1200 depicted in FIG. 12). The intermediary service 740 may use a lookupor routing table to determine which N users should receive the digitaltransaction data for their approval. For example, the intermediaryservice 740 may cross-reference an electronic account, wallet identifieror public key associated with the wallet or account to a distributionlist to identify those N users who are needed to approve thetransaction.

The system 700 may have different groups of N users associated withdifferent electronic wallets or accounts. For example, for a firstaccount (e.g., account 123) the system 700 may require a first group ofN users to approve transactions associated with the first account, whilefor a second account (e.g., account 345) the system 700 may require asecond group of N users to approve transactions associated with thesecond account.

The intermediary service 740 signs the transaction data electronic witha public key of the electronic wallet associated with the transactiondata (block 1020). Alternatively, the transaction data is received bythe intermediary service 740 already having been signed with the publickey of the electronic wallet associated with the transaction data. Theintermediary service 740 may reference a lookup table based on anelectronic account or wallet identifier to obtain the public key neededto sign the transaction data. The intermediary service 740 submits thetransaction data to the respective N user, who then use a client-sideapplication to approve the transaction. In addition, to submitting thetransaction data to the respective N users, the intermediary service 740may also transmit the value of the public key 904 of the device 704, 900to the client-side application.

A client device 710 may generate or provide an application or userinterface to an N user. The client-side application may be used by an Nuser to authorize a received transaction. The client-side applicationmay be used to decrypt a second layer of encryption of the doubleencrypted key share (1030). Alternatively, an N user may use anotherapplication or software program to decrypt the second layer ofencryption. For each of the N users receiving the digital transactiondata, the client-side application requests the respective N users toauthorize the transaction.

The client-side application prompts an N user to enter their useridentification and password information and/or other security relatedcredentials. As discussed previously, each of the N users, have in theirpossession or accessible to them, a double encrypted key shareassociated with a private key of a wallet or electronic account (i.e.,having an inner and outer layer of encryption). To decrypt or unlock theouter layer of the double layer of encryption of the key share, theclient-side application receives a user's security credentials whichexposes the user's private key. The client-side application uses theexposed user private key to decrypt the outer layer of encryption of thedouble encrypted key share. This results in the obtaining the innerlayer encrypted key share. The inner layer encrypted key share is in theform of one of (x) of (y) key shares that was originally encrypted withthe public key of the device 704, 900 that generated the wallet privatekey.

The client-side application digitally signs the transaction and datawith the private key of the N user. The client-side application maygenerate individual transaction packets which include informationrelated to the transaction data, the signed transaction data and theinner encrypted key share (block 1040). The transaction packets may bein any suitable form or data structure to describe the transaction data,the signed transaction data, and the inner encrypted key share. For eachof the N users, a separate transaction packet would be created by theclient-side application at the time the N user authorizes thetransaction.

The client-side application of the client device 710 encrypts therespective transaction packets with a public key of the device 704, 900(block 1050). The client-side application uses the public key 904 of thedevice 704, 900 to encrypt the respective transaction packets using anencryption program such as GPG, PGP, OpenPGP, or other suitableencryption program.

Each client-side application of the client device(s) 710 transmits, forthe respective N users, their encrypted transaction packets to theintermediary service 740. The transaction packets may include theoriginal transaction and data, signed (i.e., with the N user privatekey) transaction and data, and the inner layer encrypted key share. Theintermediary service 740 transmits via an electronic communicationsprogram, or makes available directly from the intermediary service 740,the encrypted transaction packets to a trusted user (block 1060).Ideally, the trusted user is a user that is different than one of the Nusers. The intermediary service 740 may generate an electronicnotification to the trusted user when a quorum of required users hasbeen reached such that the digital transaction is ready to be signed bythe device 704, 900.

The system 700 may be configured such that the intermediary service 740conveys limited information to the trusted user and not provide anydetails about the digital transaction itself, such as the wallet orelectronic account identifier, or any amounts of monies to betransferred. A trusted user (who may be the same user or a differentuser than the original trusted user who originally received anddistributed the double encrypted key shares) may access the intermediaryservice 740 and receive each of the respective separate transactionpackets.

In one embodiment, the intermediary service 740 further encrypts thecollection of transaction packets into one electronic file using thepublic key 904 of the device 704, 900. In this manner, the trusted userdoes not receive any indication of how many separate transaction packetshave been received. In this embodiment, the trusted user receives only asingle encrypted file. In another embodiment, the collection oftransaction packets are transmitted to the device 704, 900 where thedevice decrypts and signs the transaction as described below.

The trusted user then physically transports and/or submits the separateencrypted transaction packets or the single encrypted file to the device704, 900. The device 704, 900 receives the information from the trusteduser, and then decrypts the respective transaction packets using theprivate key of the device 704, 900. This exposes the unencryptedseparate key shares. The device 704 validates (e.g., using the publickey of an N user) the digital signatures of each N user that signed arespective transaction packets to determine that the transaction datawas indeed generated by the particular N user. As previously noted,transaction data is digitally signed with a private key of an N user.The device 704 stores the public keys for each of the N users anddetermines based on the public keys whether the transaction data wassigned by one of the N users from the list. If the transaction data wasnot signed by a valid N user from the list, then the transaction willnot be authorized. The device 70 may provide an indication of an invalidattempt to authorize a transaction.

For each of the transaction packets that are confirmed to be generatedby the respective N users (e.g., via confirmation of their digitalsignature), then the device 704 proceeds to recreate a wallet privatekey using the encrypted key shares for each of the confirmed transactionpackets. The device 704 decrypts the encrypted key share using theprivate key 906 of the device 704, 900. The device 704, 900 uses atleast a quorum of the decrypted key shares to generate (i.e., recreate)the wallet private key. The device 704, 900 then digitally signs (i.e.,authorizes) the digital transaction using the generated wallet privatekey. The signed digital transaction information is then made availableby the device 704, 900 to the trusted user. The trusted user then maytake the signed digital transaction to the intermediary service 740 tocomplete the transaction (such as transfer of monies from the relatedcrypto currency account). For example, the intermediary service 740 maycomplete the transaction by broadcast the signed digital transaction toa bitcoin block chain.

FIG. 11 illustrates an example diagram of the system 700 processing asecured digital transaction related to an electronic wallet orelectronic account. FIG. 11 further describes the flowchart of FIG. 10.The intermediary service 740 receives electronic transactions 1102associated with an electronic wallet or account. The electronictransactions are sent from the intermediary service 740 to a client-sideapplication operating on one or more client device(s) 710.

Via the client-side application, the respective users (O₁, O₂, O₃, O₄,O₅) 1110, 1112, 1114, 1116, 1118 each receive an indication that atransaction is to be approved. For example, the client device 710 maygenerate a user interface with which the respective users may interactwith the system 700. The user interface may request user securitycredentials. The client-side application may obtain a user associatedprivate key 1120, 1122, 1124, 1126, 1128 to decrypt a double encryptedkey share (Z₁, Z₂, Z₃, Z₄, Z₅) 1130, 1132, 1134, 1136, 1138 that hadbeen received by a respective user (O₁, O₂, O₃, O₄, O₅) 1110, 1112,1114, 1116, 1118. The client-side application generates individualtransaction packets 1140, 1144, 1148 for those users that have approvedthe transaction. The client-side application signs the transaction withthe private key of the respective user (O₁, O₂, O₃, O₄, O₅). Thetransaction packets 1140, 1144, 1148 each include a respective singleencrypted key share (Z₁, Z₃, Z₅) 1150, 1154, 1158, a copy of the digitaltransaction data 1102, and a digital signed copy of the transaction data1160, 1164, 1168. For example, a transaction packet 1140, 1144, 1148 mayinclude a copy of a transaction and the transaction data, and signedcopy of the transaction and the transaction data (where the signed copyis signed with the private key of the respective user (O₁, O₂, O₃, O₄,O₅)).

The client-side application of the client device 710 then encrypts thetransaction packets 1140, 1144, 1148 with a public key of the device704, 900. This creates multiple encrypted transactions packets 1170,1174, 1178. The client-side application transmits the transactionpackets 1170, 1174, 1178 to the intermediary service 740 viacommunication link 735. While not shown, as previously indicated, themultiple encrypted transaction packets 1170, 1174, 1178 may be furtherencrypted by the intermediary service 740 using the public key of thedevice 704, 900 to generate a single encrypted file containing themultiple encrypted transaction packets 1170, 1174, 1178. Theintermediary service 740 then allows a trusted user 1180 to obtain theencrypted transaction packets or the single encrypted file containingthe multiple encrypted transaction packets 1170, 1174, 1178.

The trusted user 1180 then provides the encrypted transaction packets tothe device 704, 900. The device 704, 900 uses its private key 906 todecrypt the transaction packets 1170, 1174, 1178 to obtain therespective key shares for the wallet private key associated with theelectronic wallet or account.

As noted above, the device 704 validates the digital signatures of eachN user that signed the transaction and data to determine that thetransaction and data was indeed generated by a particular N user. If thetransaction packet was not signed by a valid N user from the list, thenthe transaction will not be authorized. The device 70 may provide anindication of an invalid attempt to authorize a transaction.

When the digital signatures of each N user have been validated, and ifthe device 704, 900 has received the minimum required number of keyshares (e.g., a predetermined quorum of key shares), then the device704, 900 may generate the wallet private key using the key sharesaccording to Shamir's secret sharing technique. The device 704 uses theobtained key shares to recreate the wallet private key. The device 704,900 then uses the wallet private key to digitally sign the transaction,thereby creating signed valid transaction data. The device 704, 900 maydelete from store and/or wipe from memory the wallet private key. Thedevice 704, 900 may store information about the signed valid transactiondata on the data storage service 750. However, the actual wallet privatekey would not be stored.

The signed valid transaction data is then made available by the device704, 900 to the trusted user. The trusted user obtains a copy of thesigned valid transaction data and provides the signed valid transactiondata to the intermediary service 740 which completes the transaction,for example, by broadcasting the signed transaction data to a cryptocurrency/blockchain network.

Optionally, the device 704, 900 may be configured to encrypt the signedvalid transaction data using a public key of the intermediary service740. In this embodiment, the device 740 stores in memory or on a storagedevice, a public key of the intermediary service 740 and uses the publickey of the intermediary service to encrypt the signed valid transactiondata. The intermediary service 740 would have an associatedpublic/private PGP key pair. The trusted user may then retrieve theencrypted signed valid transaction data from the device 704, 900. Thetrusted user uploads the encrypted signed valid transaction data to theintermediary service 740. The intermediary service 740 would use itsprivate key pair to decrypt the encrypted signed valid transaction data.This additional encryption and decryption step provides a further levelof approval/security so that the trusted user does not have access tounencrypted signed valid transaction data. Moreover, in the case of anyfailure of security measures and a fraudulent transaction was createdand signed, the transaction would still not be broadcast as thetransaction is transmitted by the intermediary service. The intermediaryservice 740 may complete the transaction, for example, by broadcastingthe unencrypted signed transaction data to a crypto currency/blockchainnetwork.

FIG. 12 illustrates an example system architecture for combining thearchitecture depicted in FIG. 1 and FIG. 7. The systems 100, 700 may becombined using a transfer service 1200. The transfer service 1200provides a gateway to transfer monies associated with electronicaccounts managed by the first system 100, and the monies associated withelectronic accounts managed by the second system 700. The transferservice may receive a request from either system 100, 700 and transfermonies to wallets as described for the respective systems.

While the foregoing disclosure describes N key shares generated by thesystems 100, 700, 900 using Shamir's secret sharing technique, thesystems 100, 700, 900 may generate N(M) key shares for a respective Nkey share. For example, the system 100, 700, 900 may generate 5 keyshares. Of those 5 key shares, the system 100,700, 900 may further shard(e.g., divide) one or more of the 5 key shares into sub-key shares anduse the encryption techniques described herein to encrypt the sub-keyshares. As an implementation then, a quorum of 2 or more users havingchild sub-key shares may be required to “unlock” a parent key share.Sub-sharding one or more N key shares then requires groups of Msub-users to collectively “unlock” a parent N key share. For each of theN key shares, the required number of M sub-users may be 0, 1, 2 or more.

FIG. 13 illustrates an example machine of a computer system within whicha set of instructions, for causing the machine to perform any one ormore of the methodologies discussed herein, may be executed. Inalternative implementations, the machine may be connected (e.g.,networked) to other machines in a LAN, an intranet, an extranet, and/orthe Internet. The machine may operate in the capacity of a server or aclient machine in client-server network environment, as a peer machinein a peer-to-peer (or distributed) network environment, or as a serveror a client machine in a cloud computing infrastructure or environment.

The machine may be a personal computer (PC), a tablet PC, a set-top box(STB), a Personal Digital Assistant (PDA), a cellular telephone, a webappliance, a server, a network router, a switch or bridge, or anymachine capable of executing a set of instructions (sequential orotherwise) that specify actions to be taken by that machine. Further,while a single machine is illustrated, the term “machine” shall also betaken to include any collection of machines that individually or jointlyexecute a set (or multiple sets) of instructions to perform any one ormore of the methodologies discussed herein.

The example computer system 1300 includes a processing device 1302, amain memory 1304 (e.g., read-only memory (ROM), flash memory, dynamicrandom access memory (DRAM) such as synchronous DRAM (SDRAM) or RambusDRAM (RDRAM), etc.), a static memory 1306 (e.g., flash memory, staticrandom access memory (SRAM), etc.), and a data storage device 1318,which communicate with each other via a bus 1330.

Processing device 702 represents one or more general-purpose processingdevices such as a microprocessor, a central processing unit, or thelike. More particularly, the processing device may be complexinstruction set computing (CISC) microprocessor, reduced instruction setcomputing (RISC) microprocessor, very long instruction word (VLIW)microprocessor, or processor implementing other instruction sets, orprocessors implementing a combination of instruction sets. Processingdevice 1302 may also be one or more special-purpose processing devicessuch as an application specific integrated circuit (ASIC), a fieldprogrammable gate array (FPGA), a digital signal processor (DSP),network processor, or the like. The processing device 1302 is configuredto execute instructions 1326 for performing the operations and stepsdiscussed herein.

The computer system 1300 may further include a network interface device1308 to communicate over the network 1320. The computer system 1300 alsomay include a video display unit 1310 (e.g., a liquid crystal display(LCD) or a cathode ray tube (CRT)), an alphanumeric input device 1312(e.g., a keyboard), a cursor control device 1314 (e.g., a mouse), agraphics processing unit 1322, a signal generation device 1316 (e.g., aspeaker), graphics processing unit 1322, video processing unit 1328, andaudio processing unit 1332.

The data storage device 1318 may include a machine-readable storagemedium 1324 (also known as a computer-readable medium) on which isstored one or more sets of instructions or software 1326 embodying anyone or more of the methodologies or functions described herein. Theinstructions 1326 may also reside, completely or at least partially,within the main memory 1304 and/or within the processing device 1302during execution thereof by the computer system 1300, the main memory1304 and the processing device 1302 also constituting machine-readablestorage media.

In one implementation, the instructions 1326 include instructions toimplement functionality corresponding to the components of a device toperform the disclosure herein. While the machine-readable storage medium1324 is shown in an example implementation to be a single medium, theterm “machine-readable storage medium” should be taken to include asingle medium or multiple media (e.g., a centralized or distributeddatabase, and/or associated caches and servers) that store the one ormore sets of instructions. The term “machine-readable storage medium”shall also be taken to include any medium that is capable of storing orencoding a set of instructions for execution by the machine and thatcause the machine to perform any one or more of the methodologies of thepresent disclosure. The term “machine-readable storage medium” shallaccordingly be taken to include, but not be limited to, solid-statememories, optical media and magnetic media.

Some portions of the preceding detailed descriptions have been presentedin terms of algorithms and symbolic representations of operations ondata bits within a computer memory. These algorithmic descriptions andrepresentations are the ways used by those skilled in the dataprocessing arts to most effectively convey the substance of their workto others skilled in the art. An algorithm is here, and generally,conceived to be a self-consistent sequence of operations leading to adesired result. The operations are those requiring physicalmanipulations of physical quantities. Usually, though not necessarily,these quantities take the form of electrical or magnetic signals capableof being stored, combined, compared, and otherwise manipulated. It hasproven convenient at times, principally for reasons of common usage, torefer to these signals as bits, values, elements, symbols, characters,terms, numbers, or the like.

It should be borne in mind, however, that all of these and similar termsare to be associated with the appropriate physical quantities and aremerely convenient labels applied to these quantities. Unlessspecifically stated otherwise as apparent from the above discussion, itis appreciated that throughout the description, discussions utilizingterms such as “identifying” or “determining” or “executing” or“performing” or “collecting” or “creating” or “sending” or the like,refer to the action and processes of a computer system, or similarelectronic computing device, that manipulates and transforms datarepresented as physical (electronic) quantities within the computersystem's registers and memories into other data similarly represented asphysical quantities within the computer system memories or registers orother such information storage devices.

The present disclosure also relates to an apparatus for performing theoperations herein. This apparatus may be specially constructed for theintended purposes, or it may comprise a general purpose computerselectively activated or reconfigured by a computer program stored inthe computer. Such a computer program may be stored in a computerreadable storage medium, such as, but not limited to, any type of diskincluding floppy disks, optical disks, CD-ROMs, and magnetic-opticaldisks, read-only memories (ROMs), random access memories (RAMs), EPROMs,EEPROMs, magnetic or optical cards, or any type of media suitable forstoring electronic instructions, each coupled to a computer system bus.

Various general purpose systems may be used with programs in accordancewith the teachings herein, or it may prove convenient to construct amore specialized apparatus to perform the method. The structure for avariety of these systems will appear as set forth in the descriptionabove. In addition, the present disclosure is not described withreference to any particular programming language. It will be appreciatedthat a variety of programming languages may be used to implement theteachings of the disclosure as described herein.

The present disclosure may be provided as a computer program product, orsoftware, that may include a machine-readable medium having storedthereon instructions, which may be used to program a computer system (orother electronic devices) to perform a process according to the presentdisclosure. A machine-readable medium includes any mechanism for storinginformation in a form readable by a machine (e.g., a computer). Forexample, a machine-readable (e.g., computer-readable) medium includes amachine (e.g., a computer) readable storage medium such as a read onlymemory (“ROM”), random access memory (“RAM”), magnetic disk storagemedia, optical storage media, flash memory devices, etc.

In the foregoing disclosure, implementations of the disclosure have beendescribed with reference to specific example implementations thereof. Itwill be evident that various modifications may be made thereto withoutdeparting from the broader spirit and scope of implementations of thedisclosure as set forth in the following claims. The disclosure anddrawings are, accordingly, to be regarded in an illustrative senserather than a restrictive sense.

What is claimed is:
 1. A system comprising one or more processors, and anon-transitory computer-readable medium including one or more sequencesof instructions that, when executed by the one or more processors, causethe system to perform operations comprising: obtaining multipleencrypted private keys from a data storage service, wherein the datastorage service is configured to encrypt and store the multipleencrypted private keys with an additional layer of encryption, andwherein at least a predetermined number of private keys shares from atotal number of private key shares are required to decrypt theadditional layer of encryption; storing the multiple encrypted privatekeys in a memory cache accessible by a primary device, each encryptedprivate key being associated with a separate electronic account;receiving from a requesting secondary device an electronic transactionassociated with a first electronic account, the requesting secondarydevice being separate from the primary device; identifying a particularencrypted private key from the stored multiple encrypted private keysthat is associated with the first electronic account, the encryptedprivate key being selected from one of the multiple encrypted privatekeys stored in the memory cache; decrypting the identified encryptedprivate key by providing the identified encrypted private key to adecrypting service and receiving from the decrypting service anunencrypted private key associated with the identified encrypted privatekey; digitally signing the electronic transaction based on theunencrypted private key; and transmitting the digitally signedelectronic transaction to the requesting secondary device.
 2. The systemof claim 1, wherein the primary device temporarily stores theunencrypted private key in the memory cache, and then after digitallysigning the electronic transaction permanently wiping the unencryptedprivate key from the memory cache.
 3. The system of claim 1, furthercomprising the operations of: receiving an unencrypted private key froma tertiary device, the tertiary device being separate from the primarydevice and the secondary device; encrypting the unencrypted private keyby transmitting the unencrypted private key to an encrypting service andreceiving from the encrypting service a newly encrypted private keyassociated with the unencrypted private key; and storing the newlyencrypted private key in the primary cache of the primary device.
 4. Thesystem of claim 3, further comprising the operations of: transmittingthe newly encrypted private key to a data storage service, wherein thedata storage service is configured to encrypt and store the newlyencrypted private key using Shamir's secret sharing technique.
 5. Thesystem of claim 1, wherein the multiple encrypted private keys are eachencrypted in the Advanced Encryption Standard with a 256-bit key.
 6. Thesystem of claim 1, wherein the first electronic account is an electronicwallet, and the electronic transaction comprises a request to transmit amonetary value of digital currency from the electronic wallet to apublic address of a second electronic wallet, and wherein the firstelectronic wallet has an associated unencrypted private key.
 7. A methodimplemented by a system comprising one or more processors, the methodcomprising: obtaining multiple encrypted private keys from a datastorage service, wherein the data storage service is configured toencrypt and store the multiple encrypted private keys with an additionallayer of encryption, and wherein at least a predetermined number ofprivate keys shares from a total number of private key shares arerequired to decrypt the additional layer of encryption; storing themultiple encrypted private keys in a memory cache accessible by aprimary device, each encrypted private key being associated with aseparate electronic account; receiving from a requesting secondarydevice an electronic transaction associated with a first electronicaccount, the requesting secondary device being separate from the primarydevice; identifying a particular encrypted private key from the storedmultiple encrypted private keys that is associated with the firstelectronic account, the encrypted private key being selected from one ofthe multiple encrypted private keys stored in the memory cache;decrypting the identified encrypted private key by providing theidentified encrypted private key to a decrypting service and receivingfrom the decrypting service an unencrypted private key associated withthe identified encrypted private key; digitally signing the electronictransaction based on the unencrypted private key; and transmitting thedigitally signed electronic transaction to the requesting secondarydevice.
 8. The method of claim 7, wherein the primary device temporarilystores the unencrypted private key in the memory cache, and then afterdigitally signing the electronic transaction permanently wiping theunencrypted private key from the memory cache.
 9. The method of claim 7,further comprising the operations of: receiving an unencrypted privatekey from a tertiary device, the tertiary device being separate from theprimary device and the secondary device; encrypting the unencryptedprivate key by transmitting the unencrypted private key to an encryptingservice and receiving from the encrypting service a newly encryptedprivate key associated with the unencrypted private key; and storing thenewly encrypted private key in the primary cache of the primary device.10. The method of claim 9, further comprising the operations of:transmitting the newly encrypted private key to a data storage service,wherein the data storage service is configured to encrypt and store thenewly encrypted private key using Shamir's secret sharing technique. 11.The method of claim 7, wherein the multiple encrypted private keys areeach encrypted in the Advanced Encryption Standard with a 256-bit key.12. The method of claim 7, wherein the first electronic account is anelectronic wallet, and the electronic transaction comprises a request totransmit a monetary value of digital currency from the electronic walletto a public address of a second electronic wallet, and wherein the firstelectronic wallet has an associated unencrypted private key.
 13. Anon-transitory computer storage medium comprising instructions that whenexecuted by a system comprising one or more processors, cause the one ormore processors to perform operations comprising: obtaining multipleencrypted private keys from a data storage service, wherein the datastorage service is configured to encrypt and store the multipleencrypted private keys with an additional layer of encryption, andwherein at least a predetermined number of private keys shares from atotal number of private key shares are required to decrypt theadditional layer of encryption; storing the multiple encrypted privatekeys in a memory cache accessible by a primary device, each encryptedprivate key being associated with a separate electronic account;receiving from a requesting secondary device an electronic transactionassociated with a first electronic account, the requesting secondarydevice being separate from the primary device; identifying a particularencrypted private key from the stored multiple encrypted private keysthat is associated with the first electronic account, the encryptedprivate key being selected from one of the multiple encrypted privatekeys stored in the memory cache; decrypting the identified encryptedprivate key by providing the identified encrypted private key to adecrypting service and receiving from the decrypting service anunencrypted private key associated with the identified encrypted privatekey; digitally signing the electronic transaction based on theunencrypted private key; and transmitting the digitally signedelectronic transaction to the requesting secondary device.
 14. Thenon-transitory computer storage medium of 13, wherein the primary devicetemporarily stores the unencrypted private key in the memory cache, andthen after digitally signing the electronic transaction permanentlywiping the unencrypted private key from the memory cache.
 15. Thenon-transitory computer storage medium of 13, further comprising theoperations of: receiving an unencrypted private key from a tertiarydevice, the tertiary device being separate from the primary device andthe secondary device; encrypting the unencrypted private key bytransmitting the unencrypted private key to an encrypting service andreceiving from the encrypting service a newly encrypted private keyassociated with the unencrypted private key; and storing the newlyencrypted private key in the primary cache of the primary device. 16.The non-transitory computer storage medium of 15, further comprising theoperations of: transmitting the newly encrypted private key to a datastorage service, wherein the data storage service is configured toencrypt and store the newly encrypted private key using Shamir's secretsharing technique.
 17. The non-transitory computer storage medium of 13,wherein the multiple encrypted private keys are each encrypted in theAdvanced Encryption Standard with a 256-bit key.
 18. The non-transitorycomputer storage medium of 13, wherein the first electronic account isan electronic wallet, and the electronic transaction comprises a requestto transmit a monetary value of digital currency from the electronicwallet to a public address of a second electronic wallet, and whereinthe first electronic wallet has an associated unencrypted private key.